[ISN] RockYou sued over data breach

From: InfoSec News <alerts_at_private>
Date: Thu, 31 Dec 2009 20:27:32 -0600 (CST)

By Elinor Mills
InSecurity Complex 
December 30, 2009

An Indiana man filed a lawsuit against RockYou this week alleging that 
the provider of social-networking apps failed to secure its network and 
protect customer data, enabling a hacker to grab passwords of 32 million 
users earlier this month.

The suit seeking class action status was filed Monday in U.S. District 
Court in San Francisco by lawyers for Alan Claridge, of Evansville, 
Ind., who registered with RockYou in August 2008 to use a photo-sharing 
application. RockYou is a publisher and developer of online apps and 
services like "SuperWall" on Facebook and "Slideshow" on MySpace.

Claridge said he received an e-mail from RockYou on December 16 
informing him that his sensitive, personally identifiable information, 
including e-mail address and password, may have been compromised in a 
security breach, according to the suit.

Security firm Imperva notified RockYou on December 4 that it had learned 
of a breach of RockYou's network from underground hacker forums. RockYou 
had been hit with a common type of exploit known as a SQL injection flaw 
that targets information stored in databases and hackers were regularly 
discussing the fact that the hole at RockYou was being exploited, the 
lawsuit said.


Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
Received on Thu Dec 31 2009 - 18:27:32 PST

This archive was generated by hypermail 2.2.0 : Thu Dec 31 2009 - 18:35:10 PST